[ https://issues.apache.org/jira/browse/PARQUET-2338?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17758777#comment-17758777 ]
jincongho commented on PARQUET-2338: ------------------------------------ [~ste...@apache.org] Yes, the commit is correct. It's just not been released yet, maybe a 1.13.2 soon? > CVE-2022-25168 in hadoop-common > ------------------------------- > > Key: PARQUET-2338 > URL: https://issues.apache.org/jira/browse/PARQUET-2338 > Project: Parquet > Issue Type: Bug > Components: parquet-hadoop > Affects Versions: 1.13.1 > Reporter: jincongho > Priority: Major > > [CVE-2022-25168|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25168] > requires updating hadoop-common to 3.2.4 or 3.3.3. > Although `FileUtils.untar` isnt used inparquet-hadoop, will appreciate if we > can release a new parquet-hadoop soon with these newer version. Otherwise > parquet-hadoop will be flagged as security concern too. -- This message was sent by Atlassian Jira (v8.20.10#820010)